Changed RADIUS MTU and small fixes

Mika Leppänen · Mika Leppänen · commit bac7ca68523a · 2020-09-04T09:25:05.000+03:00
diff --git a/source/6LoWPAN/ws/ws_config.h b/source/6LoWPAN/ws/ws_config.h
@@ -273,4 +273,11 @@ extern uint8_t DEVICE_MIN_SENS;
 #define RADIUS_CLIENT_RETRY_IMAX           30       // First retry maximum 3 seconds
 #define RADIUS_CLIENT_TIMER_EXPIRATIONS    3        // Number of retries is three
 
+/*
+ *  EAP-TLS fragment length
+ *
+ *  Configures both EAP-TLS and the RADIUS client (Framed-MTU on RFC 2864)
+ */
+#define EAP_TLS_FRAGMENT_LEN_VALUE         600       // EAP-TLS fragment length
+
 #endif /* WS_CONFIG_H_ */
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -1221,7 +1221,8 @@ int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *
     }
 
     if (ws_pae_auth_radius_address_set(controller->interface_ptr, radius_cfg->radius_addr) < 0) {
-        return -1;
+        // If not set here since authenticator not created, then set on authenticator initialization
+        return 0;
     }
 
     return 0;
diff --git a/source/Security/kmp/kmp_socket_if.c b/source/Security/kmp/kmp_socket_if.c
@@ -91,7 +91,7 @@ int8_t kmp_socket_if_register(kmp_service_t *service, uint8_t *instance_id, bool
     if (*instance_id == 0) {
         socket_if->instance_id = kmp_socket_if_instance_id++;
         if (socket_if->instance_id == 0) {
-            socket_if->instance_id++;
+            socket_if->instance_id = kmp_socket_if_instance_id++;
         }
         *instance_id = socket_if->instance_id;
     }
diff --git a/source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.c b/source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.c
@@ -201,8 +201,8 @@ static int8_t eap_tls_sec_prot_lib_ack_update(tls_data_t *tls)
         return false;
     }
 
-    if (tls->handled_len + TLS_FRAGMENT_LEN < tls->total_len) {
-        tls->handled_len += TLS_FRAGMENT_LEN;
+    if (tls->handled_len + EAP_TLS_FRAGMENT_LEN_VALUE < tls->total_len) {
+        tls->handled_len += EAP_TLS_FRAGMENT_LEN_VALUE;
         return false;
     }
 
@@ -236,8 +236,8 @@ static uint8_t *eap_tls_sec_prot_lib_fragment_write(uint8_t *data, uint16_t tota
         data_begin[0] = *flags;
     }
 
-    if (total_len - handled_len > TLS_FRAGMENT_LEN) {
-        *message_len += TLS_FRAGMENT_LEN;
+    if (total_len - handled_len > EAP_TLS_FRAGMENT_LEN_VALUE) {
+        *message_len += EAP_TLS_FRAGMENT_LEN_VALUE;
 
         if (handled_len == 0) {
             data_begin -= 4; // length
diff --git a/source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.h b/source/Security/protocols/eap_tls_sec_prot/eap_tls_sec_prot_lib.h
@@ -54,7 +54,6 @@ typedef struct {
     uint16_t                      handled_len;    /**< Handled length of the data buffer (e.g. acked by other end) */
 } tls_data_t;
 
-#define TLS_FRAGMENT_LEN          600   //EAP-TLS fragment length
 #define TLS_HEAD_LEN              5      //EAP-TLS flags and EAP-TLS length
 
 extern const uint8_t eap_msg_trace[4][10];
diff --git a/source/Security/protocols/eap_tls_sec_prot/radius_eap_tls_sec_prot.c b/source/Security/protocols/eap_tls_sec_prot/radius_eap_tls_sec_prot.c
@@ -495,7 +495,7 @@ static void radius_eap_tls_sec_prot_state_machine(sec_prot_t *prot)
 
             // On timeout
             if (sec_prot_result_timeout_check(&data->common)) {
-                // Do nothing for now
+                // Do nothing (trickle timer not running, so should not happen)
                 return;
             }
 
diff --git a/source/Security/protocols/radius_sec_prot/avp_helper.h b/source/Security/protocols/radius_sec_prot/avp_helper.h
@@ -46,8 +46,8 @@
 // EUI-64 in ascii string: 00-11-..-77
 #define STATION_ID_LEN                           16 + 7
 
-// MTU value TBD
-#define FRAMED_MTU                               1400
+// MTU value is set by EAP-TLS fragment length
+#define FRAMED_MTU                               EAP_TLS_FRAGMENT_LEN_VALUE
 
 #define NAS_PORT                                 1
 
diff --git a/source/Security/protocols/radius_sec_prot/radius_client_sec_prot.c b/source/Security/protocols/radius_sec_prot/radius_client_sec_prot.c
@@ -508,7 +508,9 @@ static int8_t radius_client_sec_prot_receive(sec_prot_t *prot, void *pdu, uint16
             if (radius_client_sec_prot_ms_mppe_recv_key_pmk_decrypt(prot, recv_key,
                                                                     recv_key_len - AVP_FIXED_LEN, data->request_authenticator, data->new_pmk) >= 0) {
                 data->new_pmk_set = true;
+#ifdef EXTRA_DEBUG_INFO
                 tr_info("RADIUS PMK: %s %s", tr_array(data->new_pmk, 16), tr_array(data->new_pmk + 16, 16));
+#endif
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -1221,7 +1221,8 @@ int8_t ws_pae_controller_radius_address_set(int8_t interface_id, const uint8_t *`
`1221`	`1221`	`}`
`1222`	`1222`
`1223`	`1223`	`if (ws_pae_auth_radius_address_set(controller->interface_ptr, radius_cfg->radius_addr) < 0) {`
`1224`		`- return -1;`
	`1224`	`+ // If not set here since authenticator not created, then set on authenticator initialization`
	`1225`	`+ return 0;`
`1225`	`1226`	`}`
`1226`	`1227`
`1227`	`1228`	`return 0;`
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ int8_t kmp_socket_if_register(kmp_service_t service, uint8_t instance_id, bool`
`91`	`91`	`if (*instance_id == 0) {`
`92`	`92`	`socket_if->instance_id = kmp_socket_if_instance_id++;`
`93`	`93`	`if (socket_if->instance_id == 0) {`
`94`		`- socket_if->instance_id++;`
	`94`	`+ socket_if->instance_id = kmp_socket_if_instance_id++;`
`95`	`95`	`}`
`96`	`96`	`*instance_id = socket_if->instance_id;`
`97`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -201,8 +201,8 @@ static int8_t eap_tls_sec_prot_lib_ack_update(tls_data_t *tls)`
`201`	`201`	`return false;`
`202`	`202`	`}`
`203`	`203`
`204`		`- if (tls->handled_len + TLS_FRAGMENT_LEN < tls->total_len) {`
`205`		`- tls->handled_len += TLS_FRAGMENT_LEN;`
	`204`	`+ if (tls->handled_len + EAP_TLS_FRAGMENT_LEN_VALUE < tls->total_len) {`
	`205`	`+ tls->handled_len += EAP_TLS_FRAGMENT_LEN_VALUE;`
`206`	`206`	`return false;`
`207`	`207`	`}`
`208`	`208`
`@@ -236,8 +236,8 @@ static uint8_t eap_tls_sec_prot_lib_fragment_write(uint8_t data, uint16_t tota`
`236`	`236`	`data_begin[0] = *flags;`
`237`	`237`	`}`
`238`	`238`
`239`		`- if (total_len - handled_len > TLS_FRAGMENT_LEN) {`
`240`		`- *message_len += TLS_FRAGMENT_LEN;`
	`239`	`+ if (total_len - handled_len > EAP_TLS_FRAGMENT_LEN_VALUE) {`
	`240`	`+ *message_len += EAP_TLS_FRAGMENT_LEN_VALUE;`
`241`	`241`
`242`	`242`	`if (handled_len == 0) {`
`243`	`243`	`data_begin -= 4; // length`
Original file line number	Diff line number	Diff line change
`@@ -495,7 +495,7 @@ static void radius_eap_tls_sec_prot_state_machine(sec_prot_t *prot)`
`495`	`495`
`496`	`496`	`// On timeout`
`497`	`497`	`if (sec_prot_result_timeout_check(&data->common)) {`
`498`		`- // Do nothing for now`
	`498`	`+ // Do nothing (trickle timer not running, so should not happen)`
`499`	`499`	`return;`
`500`	`500`	`}`
`501`	`501`
Original file line number	Diff line number	Diff line change
`@@ -508,7 +508,9 @@ static int8_t radius_client_sec_prot_receive(sec_prot_t prot, void pdu, uint16`
`508`	`508`	`if (radius_client_sec_prot_ms_mppe_recv_key_pmk_decrypt(prot, recv_key,`
`509`	`509`	`recv_key_len - AVP_FIXED_LEN, data->request_authenticator, data->new_pmk) >= 0) {`
`510`	`510`	`data->new_pmk_set = true;`
	`511`	`+#ifdef EXTRA_DEBUG_INFO`
`511`	`512`	`tr_info("RADIUS PMK: %s %s", tr_array(data->new_pmk, 16), tr_array(data->new_pmk + 16, 16));`
	`513`	`+#endif`
`512`	`514`	`}`
`513`	`515`	`}`
`514`	`516`	`}`